@hmic
Last active June 20, 2016 15:28
cakephp3 - use Controller::isAuthorized to authorize access to actions depending on auth user
<?php
namespace App\Controller;

class UsersController extends AppController
{
    /**
     * Called by AuthComponent for every non-public action once the user is
     * authenticated (requires 'authorize' => 'Controller' in the Auth config).
     * $user is the session user array, or null when nobody is logged in.
     */
    public function isAuthorized($user = null)
    {
        $action = $this->request->params['action'];
        // first positional parameter, e.g. the id in /users/edit/5; null when absent
        $id = isset($this->request->params['pass'][0]) ? $this->request->params['pass'][0] : null;

        // admin users are allowed all actions
        if (isset($user['type']) && $user['type'] === 'admin') {
            return true;
        }
        // logged in users are allowed to see the index page and lookup action
        if (in_array($action, ['index', 'lookup'], true) && isset($user['id'])) {
            return true;
        }
        // a logged in user can view and edit himself, but not others;
        // compare as strings: a loose == with an int id would also match "5abc"
        if (in_array($action, ['view', 'edit'], true) && isset($user['id']) && $id !== null
            && (string)$user['id'] === (string)$id) {
            return true;
        }
        // default, access denied
        return false;
    }
}
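The controller above only works if AuthComponent has been configured with the Controller authorize adapter; without it `isAuthorized()` is never called and any logged-in user reaches every action. The following AppController is an added example of that wiring (it is not part of the gist). The users table column names and the `login`/`logout` action names are assumptions; the default `isAuthorized()` denies so that each controller must opt in explicitly.

```php
<?php
namespace App\Controller;

use Cake\Controller\Controller;
use Cake\Event\Event;

class AppController extends Controller
{
    public function initialize()
    {
        parent::initialize();
        $this->loadComponent('Flash');
        // 'authorize' => ['Controller'] is what makes AuthComponent call
        // $controller->isAuthorized($user) for every non-public action.
        $this->loadComponent('Auth', [
            'authorize' => ['Controller'],
            'authenticate' => [
                'Form' => [
                    // assumption: the users table has username and password columns
                    'fields' => ['username' => 'username', 'password' => 'password'],
                ],
            ],
            // assumption: UsersController has a login action
            'loginAction' => ['controller' => 'Users', 'action' => 'login'],
            // send denied users back where they came from instead of to loginAction
            'unauthorizedRedirect' => $this->referer(),
        ]);
    }

    public function beforeFilter(Event $event)
    {
        parent::beforeFilter($event);
        // Actions reachable without a session. Everything not listed here
        // requires authentication and then passes through isAuthorized().
        $this->Auth->allow(['login', 'logout']);
    }

    /**
     * Default for every controller: deny. A controller that wants to open
     * actions to non-admin users overrides this, as UsersController does.
     */
    public function isAuthorized($user)
    {
        return false;
    }
}
```

With this in place, a request to `/users/edit/5` by a non-admin user whose session id is not `5` is rejected by `UsersController::isAuthorized()` and redirected with Auth's `authError` flash message.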